The Certificate Authority failed to download the temporary challenge files created by Certbot

Help
1

I found that C:\nginx-1.2
1.6\html\monitor\ created a file in the folder, and I could access the file through the network.
I found that he had created a file in the folder, and I could access the file through the network.
C:\Users\Administrator>certbot certonly --webroot -d monitor.siniswift.com
Saving debug log to C:\Certbot\log\letsencrypt.log
Requesting a certificate for monitor.siniswift.com
Input the webroot for monitor.siniswift.com: (Enter 'c' to cancel): C:\nginx-1.2
1.6\html\monitor

Certbot failed to authenticate some domains (authenticator: webroot). The Certif
icate Authority reported these problems:
Domain: monitor.siniswift.com
Type: connection
Detail: Fetching http://monitor.siniswift.com/.well-known/acme-challenge/Lhvg8
3NeQ-CrYgmkTqWsWcZv4uXCaXu--BUBPeCEIRg: Timeout during connect (likely firewall
problem)

Hint: The Certificate Authority failed to download the temporary challenge files
created by Certbot. Ensure that the listed domains serve their content from the
provided --webroot-path/-w and that files created there can be downloaded from
the internet.

My domain is: monitor.siniswift.com

I ran this command: certbot certonly --webroot -d monitor.siniswift.com
Input the webroot for monitor.siniswift.com: (Enter 'c' to cancel): C:\nginx-1.2
1.6\html\monitor

My web server is (include version): nginx1.21.6

The operating system my web server runs on is (include version): windows server 2012

The version of my client is: certbot 1.24.0

2

Port 80 doesn't seem to be accessible on your server. I can't connect from my laptop.

It is required for the --webroot authenticator to succeed.

3 Likes
3

you can try again ,I just closed.
The public IP address is mapped to 80, but the port published by the intranet server is not 80. Will this have an impact

4

If you just get the http (not https) version of your site working for public access then http validation will work. Currently you're still either blocking port 80 or not listening to port 80 in nginx.

2 Likes
5

You mean that the intranet nginx port 80 is mapped to the Internet port 80,

Instead of mapping other ports to extranet port 80

6
  1. The port exposed on the internet must be port 80.
  2. The port exposed by nginx on the local network can be anything. For the --webroot authenticator, it is not important. You can use any port you like.

However, your internet port 80 still times out, and that is the current cause of your problems.

3 Likes
7

thanks

1 Like
8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.